Payment Protocol Hash Comments [combined summary]

Individual post summaries:

Payment Protocol Hash Comments Drak 2014-03-03 12:39:36+00:00
Payment Protocol Hash Comments Mike Hearn 2014-03-02 10:39:18+00:00
Payment Protocol Hash Comments Drak 2014-03-02 08:52:41+00:00
Payment Protocol Hash Comments Mike Hearn 2014-03-02 08:44:21+00:00
Payment Protocol Hash Comments Jeremy Spilman 2014-03-02 07:52:40+00:00

Click here to read the original discussion on the bitcoin-dev mailing list

Published on: 2014-03-03T12:39:36+00:00

Summary:

In March 2014, an email exchange between Mike Hearn and Gavin discussed the rationale for adding SHA-2 to the spec. It was mentioned that although SHA-2 was available in standard PHP since version 5.1.2, there was a suggestion to remove SHA-1 from the specification unless there was a compelling reason to keep it.Contrary to Mike's previous statement, it was pointed out that PHP does support SHA-2, as evidenced by resources on the php.net website. A discussion thread on the Bitcoin-development mailing list in 2014 also touched on the use of SHA-1 versus SHA-2 in the context of BIP70. Some participants questioned the inclusion of SHA-1 due to its retirement. The thread also raised questions about whether end-users should be able to see details like the pki_type and certificate chain.On March 2nd, 2014, Jeremy Spilman posted a message on the Bitcoin-development mailing list regarding SHA-1 support in PHP development. The message referenced BIP70 and discussed the use of SHA-256 and SHA-1 algorithms for hashing payment messages. It suggested clarifying that the field to be hashed should be 'PaymentRequest' instead of 'Payment' and being more explicit about the hashing process. There were also concerns about SHA-1's retirement and whether it should be included in the system. Additionally, the question was raised about providing end-users with access to details such as pki_type and certificate chains.The BIP70 protocol outlines that the PaymentRequest message is hashed using the SHA256 algorithm if the pki_type is x509+sha256, and the SHA1 algorithm is used if the pki_type is x509+sha1. However, it was noted that the reference may be outdated as the field to be hashed is actually 'PaymentRequest', not 'Payment' message. Suggestions were made to improve the clarity of the protocol, including outlining the hashing process more explicitly. There was also a suggestion to reconsider the use of SHA-1 in the protocol due to its retirement. Additionally, the question was raised about providing end-users with a way to view details like the pki_type and certificate chain, similar to how browsers display this information.

Updated on: 2023-08-01T07:46:43.044932+00:00